Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information “inadvertently” collected from domestic US communications without a warrant.

The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target “non-US persons” under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance.

The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.

The procedures cover only part of the NSA’s surveillance of domestic US communications. The bulk collection of domestic call records, as first revealed by the Guardian earlier this month, takes place under rolling court orders issued on the basis of a legal interpretation of a different authority, section 215 of the Patriot Act.

The Fisa court’s oversight rolehas been referenced many times by Barack Obama and senior intelligence officials as they have sought to reassure the public about surveillance, but the procedures approved by the court have never before been publicly disclosed.

The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.

However, alongside those provisions, the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;

• Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

• Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans’ call or email information without warrants.

The documents also show that discretion as to who is actually targeted under the NSA’s foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors – though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.

Since the Guardian first revealed the extent of the NSA’s collection of US communications, there have been repeated calls for the legal basis of the programs to be released. On Thursday, two US congressmen introduced a bill compelling the Obama administration to declassify the secret legal justifications for NSA surveillance.

The disclosure bill, sponsored by Adam Schiff, a California Democrat, and Todd Rokita, an Indiana Republican, is a complement to one proposed in the Senate last week. It would “increase the transparency of the Fisa Court and the state of the law in this area,” Schiff told the Guardian. “It would give the public a better understanding of the safeguards, as well as the scope of these programs.”

Section 702 of the Fisa Amendments Act (FAA), which was renewed for five years last December, is the authority under which the NSA is allowed to collect large-scale data, including foreign communications and also communications between the US and other countries, provided the target is overseas.

FAA warrants are issued by the Fisa court for up to 12 months at a time, and authorise the collection of bulk information – some of which can include communications of US citizens, or people inside the US. To intentionally target either of those groups requires an individual warrant.

One-paragraph order

One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.

Those procedures state that the “NSA determines whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances based on the information available with respect to that person, including information concerning the communications facility or facilities used by that person”.

It includes information that the NSA analyst uses to make this determination – including IP addresses, statements made by the potential target, and other information in the NSA databases, which can include public information and data collected by other agencies.

Where the NSA has no specific information on a person’s location, analysts are free to presume they are overseas, the document continues.

“In the absence of specific information regarding whether a target is a United States person,” it states “a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.”

If it later appears that a target is in fact located in the US, analysts are permitted to look at the content of messages, or listen to phone calls, to establish if this is indeed the case.

Referring to steps taken to prevent intentional collection of telephone content of those inside the US, the document states: “NSA analysts may analyze content for indications that a foreign target has entered or intends to enter the United States. Such content analysis will be conducted according to analytic and intelligence requirements and priorities.”

Details set out in the “minimization procedures”, regularly referred to in House and Senate hearings, as well as public statements in recent weeks, also raise questions as to the extent of monitoring of US citizens and residents.

NSA minimization procedures signed by Holder in 2009 set out that once a target is confirmed to be within the US, interception must stop immediately. However, these circumstances do not apply to large-scale data where the NSA claims it is unable to filter US communications from non-US ones.

The NSA is empowered to retain data for up to five years and the policy states “communications which may be retained include electronic communications acquired because of limitations on the NSA’s ability to filter communications”.

Even if upon examination a communication is found to be domestic – entirely within the US – the NSA can appeal to its director to keep what it has found if it contains “significant foreign intelligence information”, “evidence of a crime”, “technical data base information” (such as encrypted communications), or “information pertaining to a threat of serious harm to life or property”.

Domestic communications containing none of the above must be destroyed. Communications in which one party was outside the US, but the other is a US-person, are permitted for retention under FAA rules.

The minimization procedure adds that these can be disseminated to other agencies or friendly governments if the US person is anonymised, or including the US person’s identity under certain criteria.

A separate section of the same document notes that as soon as any intercepted communications are determined to have been between someone under US criminal indictment and their attorney, surveillance must stop. However, the material collected can be retained, if it is useful, though in a segregated database:

“The relevant portion of the communication containing that conversation will be segregated and the National Security Division of the Department of Justice will be notified so that appropriate procedures may be established to protect such communications from review or use in any criminal prosecution, while preserving foreign intelligence information contained therein,” the document states.

In practice, much of the decision-making appears to lie with NSA analysts, rather than the Fisa court or senior officials.

A transcript of a 2008 briefing on FAA from the NSA’s general counsel sets out how much discretion NSA analysts possess when it comes to the specifics of targeting, and making decisions on who they believe is a non-US person. Referring to a situation where there has been a suggestion a target is within the US.

“Once again, the standard here is a reasonable belief that your target is outside the United States. What does that mean when you get information that might lead you to believe the contrary? It means you can’t ignore it. You can’t turn a blind eye to somebody saying: ‘Hey, I think so and so is in the United States.’ You can’t ignore that. Does it mean you have to completely turn off collection the minute you hear that? No, it means you have to do some sort of investigation: ‘Is that guy right? Is my target here?” he says.

“But, if everything else you have says ‘no’ (he talked yesterday, I saw him on TV yesterday, even, depending on the target, he was in Baghdad) you can still continue targeting but you have to keep that in mind. You can’t put it aside. You have to investigate it and, once again, with that new information in mind, what is your reasonable belief about your target’s location?”

The broad nature of the court’s oversight role, and the discretion given to NSA analysts, sheds light on responses from the administration and internet companies to the Guardian’s disclosure of the PRISM program. They have stated that the content of online communications is turned over to the NSA only pursuant to a court order. But except when a US citizen is specifically targeted, the court orders used by the NSA to obtain that information as part of Prism are these general FAA orders, not individualized warrants specific to any individual.

Once armed with these general orders, the NSA is empowered to compel telephone and internet companies to turn over to it the communications of any individual identified by the NSA. The Fisa court plays no role in the selection of those individuals, nor does it monitor who is selected by the NSA.

The NSA’s ability to collect and retain the communications of people in the US, even without a warrant, has fuelled congressional demands for an estimate of how many Americans have been caught up in surveillance.

Two US senators, Ron Wyden and Mark Udall – both members of the Senate intelligence committee – have been seeking this information since 2011, but senior White House and intelligence officials have repeatedly insisted that the agency is unable to gather such statistics.

Background Articles and Videos

Stellar Wind

Stellar Wind was the open secret code name for four surveillance programs by the United States National Security Agency (NSA) during the presidency of George W. Bush and revealed by Thomas Tamm to The New York Times reporters James Risen and Eric Lichtblau.[1] The operation was approved by President George W. Bush shortly after the September 11 attacks in 2001.[2] Stellar Wind was succeeded during the presidency of Barack Obama by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications.[3]

The program’s activities involved data mining of a large database of the communications of American citizens, including e-mail communications, phone conversations, financial transactions, and Internet activity.[1] William Binney, a retired Technical Leader with the NSA, discussed some of the architectural and operational elements of the program at the 2012 Chaos Communication Congress.[4]

There were internal disputes within the Justice Department about the legality of the program, because data are collected for large numbers of people, not just the subjects of Foreign Intelligence Surveillance Act (FISA) warrants.[4]

During the Bush Administration, the Stellar Wind cases were referred to by FBI agents as “pizza cases” because many seemingly suspicious cases turned out to be food takeout orders. According to Mueller, approximately 99 percent of the cases led nowhere, but “it’s that other 1% that we’ve got to be concerned about”.[2] One of the known uses of these data were the creation of suspicious activity reports, or “SARS”, about people suspected of terrorist activities. It was one of these reports that revealed former New York governor Eliot Spitzer’s use of prostitutes, even though he was not suspected of terrorist activities.[1]

In March 2012 Wired magazine published “The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)” talking about a vast new NSA facility in Utah and says “For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail,” naming the official William Binney, a former NSA code breaker. Binney went on to say that the NSA had highly secured rooms that tap into major switches, and satellite communications at both AT&T and Verizon.[5] The article suggested that the otherwise dispatched Stellar Wind is actually an active program.

PRISM

PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007.[1][2][3][Notes 1]PRISM is a government codename for a data collection effort known officially as US-984XN.[8][9] It is operated under the supervision of the United States Foreign Intelligence Surveillance Court pursuant to the Foreign Intelligence Surveillance Act (FISA).[10] The existence of the program was leaked by NSA contractor Edward Snowden and published by The Guardian and The Washington Post on June 6, 2013.

A document included in the leak indicated that the PRISM SIGAD was “the number one source of raw intelligence used for NSA analytic reports.”[11] The President’s Daily Brief, an all-source intelligence product, cited PRISM data as a source in 1,477 items in 2012.[12] The leaked information came to light one day after the revelation that the United States Foreign Intelligence Surveillance Court had been requiring the telecommunications company Verizon to turn over to the NSA logs tracking all of its customers’ telephone calls on an ongoing daily basis.[13][14]

According to the Director of National Intelligence James Clapper, PRISM cannot be used to intentionally target any Americans or anyone in the United States. Clapper said a special court, Congress, and the executive branch oversee the program and extensive procedures ensure the acquisition, retention, and dissemination of data accidentally collected about Americans is kept to a minimum.[15] Clapper issued a statement and “fact sheet”[16] to correct what he characterized as “significant misimpressions” in articles by The Washington Post and The Guardian newspapers.[17]

History

Slide showing that much of the world’s communications flow through the US

Details of information collected via PRISM

PRISM is a “Special Source Operation” in the tradition of NSA’s intelligence alliances with as many as 100 trusted U.S. companies since the 1970s.[1] A prior program, the Terrorist Surveillance Program, was implemented in the wake of the September 11 attacks under the George W. Bush Administration but was widely criticized and had its legality questioned, because it was conducted without approval of the Foreign Intelligence Surveillance Court (FISC).[18][19][20][21] PRISM was authorized by an order of the FISC.[11] Its creation was enabled by the Protect America Act of 2007 under President Bush and the FISA Amendments Act of 2008, which legally immunized private companies that cooperated voluntarily with US intelligence collection and was renewed by Congress under President Obama in 2012 for five years until December 2017.[2][22] According to The Register, the FISA Amendments Act of 2008 “specifically authorizes intelligence agencies to monitor the phone, email, and other communications of U.S. citizens for up to a week without obtaining a warrant” when one of the parties is outside the U.S.[22]

PRISM was first publicly revealed on June 6, 2013, after classified documents about the program were leaked to The Washington Post and The Guardian by American Edward Snowden.[2][1] The leaked documents included 41 PowerPoint slides, four of which were published in news articles.[1][2] The documents identified several technology companies as participants in the PRISM program, including (date of joining PRISM in parentheses) Microsoft (2007), Yahoo! (2008), Google (2009), Facebook (2009), Paltalk (2009), YouTube (2010), AOL (2011), Skype (2011), and Apple (2012).[23] The speaker’s notes in the briefing document reviewed by The Washington Post indicated that “98 percent of PRISM production is based on Yahoo, Google and Microsoft.”[1]

The slide presentation stated that much of the world’s electronic communications pass through the United States, because electronic communications data tend to follow the least expensive route rather than the most physically direct route, and the bulk of the world’s internet infrastructure is based in the United States.[11] The presentation noted that these facts provide United States intelligence analysts with opportunities for intercepting the communications of foreign targets as their electronic data pass into or through the United States.[2][11]

According to The Washington Post, the intelligence analysts search PRISM data using terms intended to identify suspicious communications of targets whom the analysts suspect with at least 51 percent confidence to not be United States citizens, but in the process, communication data of some United States citizens are also collected unintentionally.[1] Training materials for analysts tell them that while they should periodically report such accidental collection of non-foreign United States data, “it’s nothing to worry about.”[1]

Response from companies

The original Washington Post and Guardian articles reporting on PRISM noted that one of the leaked briefing documents said PRISM involves collection of data “directly from the servers” of several major internet services providers.[2][1]

Initial Public Statements

Corporate executives of several companies identified in the leaked documents told The Guardian that they had no knowledge of the PRISM program in particular and also denied making information available to the government on the scale alleged by news reports.[2][24] Statements of several of the companies named in the leaked documents were reported by TechCrunch and The Washington Post as follows:[25][26]

Slide listing companies and the date that PRISM collection began

Microsoft: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”[25]

Yahoo!: “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.”[25] “Of the hundreds of millions of users we serve, an infinitesimal percentage will ever be the subject of a government data collection directive.”[26]

Facebook: “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”[25]

Google: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a backdoor for the government to access private user data.”[25] “[A]ny suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.”[26]

Apple: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”[27]

Dropbox: “We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.”[25]

In response to the technology companies’ denials of the NSA being able to directly access the companies’ servers, The New York Times reported that sources had stated the NSA was gathering the surveillance data from the companies using other technical means in response to court orders for specific sets of data.[13]The Washington Post suggested, “It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing ‘collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,’ rather than directly to company servers.”[1] “[I]n context, ‘direct’ is more likely to mean that the NSA is receiving data sent to them deliberately by the tech companies, as opposed to intercepting communications as they’re transmitted to some other destination.[26]

“If these companies received an order under the FISA amendments act, they are forbidden by law from disclosing having received the order and disclosing any information about the order at all,” Mark Rumold, staff attorney at the Electronic Frontier Foundation, told ABC News.[28]

Slide showing two different sources of NSA data collection. The first source the fiber optic cables of the internet handled by the Upstream program and the second source the servers of major internet companies handled by PRISM.[29]

On May 28, 2013, Google was ordered by United States District Court Judge Susan Illston to comply with a National Security Letter issued by the FBI to provide user data without a warrant.[30] Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, in an interview with VentureBeat said, “I certainly appreciate that Google put out a transparency report, but it appears that the transparency didn’t include this. I wouldn’t be surprised if they were subject to a gag order.”[31]

The New York Times reported on June 7, 2013, that “Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations.”[32] The other companies held discussions with national security personnel on how to make data available more efficiently and securely.[32] In some cases, these companies made modifications to their systems in support of the intelligence collection effort.[32] The dialogues have continued in recent months, as General Martin Dempsey, the chairman of the Joint Chiefs of Staff, has met with executives including those at Facebook, Microsoft, Google and Intel.[32] These details on the discussions provide insight into the disparity between initial descriptions of the government program including a training slide which states “Collection directly from the servers”[29] and the companies’ denials.[32]

While providing data in response to a legitimate FISA request approved by FISC is a legal requirement, modifying systems to make it easier for the government to collect the data is not. This is why Twitter could legally decline to provide an enhanced mechanism for data transmission.[32] Other than Twitter, the companies were effectively asked to construct a locked mailbox and provide the key to the government, people briefed on the negotiations said.[32] Facebook, for instance, built such a system for requesting and sharing the information.[32] Google does not provide a lockbox system, but instead transmits required data by hand delivery or secure FTP.[33]

Post-PRISM Transparency Reports

In response to the publicity surrounding media reports of data-sharing, several companies requested permission to reveal more public information about the nature and scope of information provided in response to National Security requests.

On June 14, 2013, Facebook reported that the U.S. Government had authorized the communication of “about these numbers in aggregate, and as a range.” In a press release posted to their web site, Facebook reported, “For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000.” Facebook further reported that the requests impacted “between 18,000 and 19,000″ user accounts, a “tiny fraction of one percent” of more than 1.1 billion active user accounts.[34]

Microsoft reported that for the same period, it received “between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal)” which impacted “a tiny fraction of Microsoft’s global customer base”.[35]

Google issued a statement criticizing the requirement that data be reported in aggregated form, stating that lumping national security requests with criminal request data would be “a step backwards” from its previous, more detailed practices on its site transparency report. The company said that it would continue to seek government permission to publish the number and extent of FISA requests.[36]

Response from United States government

Executive branch

Shortly after publication of the reports by The Guardian and The Washington Post, the United States Director of National Intelligence, James Clapper, on June 7 released a statement confirming that for nearly six years the government of the United States had been using large internet services companies such as Google and Facebook to collect information on foreigners outside the United States as a defense against national security threats.[13] The statement read in part, “The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.”[37] He went on to say, “Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.”[37] Clapper concluded his statement by stating “The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”[37] On March 12, 2013, Clapper had told the United States Senate Select Committee on Intelligence that the NSA does “not wittingly” collect any type of data on millions or hundreds of millions of Americans.[38] In an NBC News interview, Clapper said he answered Senator Wyden’s question in the “least untruthful manner by saying no”.[39]

Clapper also stated that “the NSA collects the phone data in broad swaths, because collecting it (in) a narrow fashion would make it harder to identify terrorism-related communications. The information collected lets the government, over time, make connections about terrorist activities. The program doesn’t let the U.S. listen to people’s calls, but only includes information like call length and telephone numbers dialed.”[15]

On June 8, 2013, Clapper said “the surveillance activities published in The Guardian and The Washington Post are lawful and conducted under authorities widely known and discussed, and fully debated and authorized by Congress.”[40][10] The fact sheet described PRISM as “an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a).”[10]

The National Intelligence fact sheet further stated that “the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence.” It said that the Attorney General provides FISA Court rulings and semi-annual reports about PRISM activities to Congress, “provid[ing] an unprecedented degree of accountability and transparency.”[10]

The President of the United States, Barack Obama, said on June 7 “What you’ve got is two programs that were originally authorized by Congress, have been repeatedly authorized by Congress. Bipartisan majorities have approved them. Congress is continually briefed on how these are conducted. There are a whole range of safeguards involved. And federal judges are overseeing the entire program throughout.”[41] He also said, “You can’t have 100 percent security and then also have 100 percent privacy and zero inconvenience. You know, we’re going to have to make some choices as a society.”[41]

In separate statements, senior (not mentioned by name in source) Obama administration officials said that Congress had been briefed 13 times on the programs since 2009.[42]

Legislative branch

In contrast to their swift and forceful reactions the previous day to allegations that the government had been conducting surveillance of United States citizens’ telephone records, Congressional leaders initially had little to say about the PRISM program the day after leaked information about the program was published. Several lawmakers declined to discuss PRISM, citing its top-secret classification,[43] and others said that they had not been aware of the program.[44] After statements had been released by the President and the Director of National Intelligence, some lawmakers began to comment:

Senator John McCain (R-AZ)

June 9 “We passed the Patriot Act. We passed specific provisions of the act that allowed for this program to take place, to be enacted in operation,”[45]

June 9 “These programs are within the law”, “part of our obligation is keeping Americans safe”, “Human intelligence isn’t going to do it”.[46]

June 9 “Here’s the rub: the instances where this has produced good — has disrupted plots, prevented terrorist attacks, is all classified, that’s what’s so hard about this.”[47]

June 11 “It went fine…we asked him[ Keith Alexander ] to declassify things because it would be helpful (for people and lawmakers to better understand the intelligence programs).” “I’ve just got to see if the information gets declassified. I’m sure people will find it very interesting.”[48]

Senator Susan Collins (R-ME), member of Senate Intelligence Committee and past member of Homeland Security Committee

June 11 “I had, along with Joe Lieberman, a monthly threat briefing, but I did not have access to this highly compartmentalized information” and “How can you ask when you don’t know the program exists?”[49]

Representative John Boehner (R-OH), Speaker of the House of Representatives

June 9, “This is well beyond what the Patriot Act allows.”[51] “President Obama’s claim that ‘this is the most transparent administration in history’ has once again proven false. In fact, it appears that no administration has ever peered more closely or intimately into the lives of innocent Americans.”[51]

Representative Mike Rogers (R-MI), a Chairman of the Permanent Select Committee on Intelligence.

June 9 “One of the things that we’re charged with is keeping America safe and keeping our civil liberties and privacy intact. I think we have done both in this particular case,”[46]

June 9 “Within the last few years this program was used to stop a program, excuse me, to stop a terrorist attack in the United States we know that. It’s, it’s, it’s important, it fills in a little seam that we have and it’s used to make sure that there is not an international nexus to any terrorism event that they may believe is ongoing in the United States. So in that regard it is a very valuable thing,”[52]

Senator Mark Udall (D-CO)

June 9 “I don’t think the American public knows the extent or knew the extent to which they were being surveilled and their data was being collected.” “I think we ought to reopen the Patriot Act and put some limits on the amount of data that the National Security (Agency) is collecting,” “It ought to remain sacred, and there’s got to be a balance here. That is what I’m aiming for. Let’s have the debate, let’s be transparent, let’s open this up”.[46]

Representative Todd Rokita (R-IN)

June 10 “We have no idea when they [ FISA ] meet, we have no idea what their judgments are”,[53]

Senator Rand Paul (R-KY)

June 6 “When the Senate rushed through a last-minute extension of the FISA Amendments Act late last year, I insisted on a vote on my amendment (SA 3436) to require stronger protections on business records and prohibiting the kind of data-mining this case has revealed. Just last month, I introduced S.1037, the Fourth Amendment Preservation and Protection Act,”[54]

June 9 “I’m going to be seeing if I can challenge this at the Supreme Court level. I’m going to be asking the Internet providers and all of the phone companies: ask your customers to join me in a class-action lawsuit.”[45]

Representative Luis Gutierrez (D-IL)

June 9 “We will be receiving secret briefings and we will be asking, I know I’m going to be asking to get more information. I want to make sure that what they’re doing is harvesting information that is necessary to keep us safe and not simply going into everybody’s private telephone conversations and Facebook and communications. I mean one of the, you know the terrorists win when you debilitate freedom of expression and privacy.”[52]

Judicial branch

The Foreign Intelligence Surveillance Court (FISC) has not acknowledged, denied or confirmed any involvement in the PRISM program at this time. It has not issued any press statement or release relating to the current situation and uncertainty.

Applicable law and practice

On June 8, 2013, the Director of National Intelligence issued a fact sheet stating that PRISM “is not an undisclosed collection or data mining program”, but rather computer software used to facilitate the collection of foreign intelligence information “under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a).”[10] Section 702 provides that “the Attorney General [A.G.] and the Director of National Intelligence [DNI] may authorize jointly, for a period of up to 1 year from the effective date of the authorization, the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.”[55] In order to authorize the targeting, the A.G. and DNI need to get an order from the Foreign Intelligence Surveillance Court (FISC) pursuant to Section 702 or certify that “intelligence important to the national security of the United States may be lost or not timely acquired and time does not permit the issuance of an order.”[55] When asking for an order, the A.G. and DNI must certify to FISC that “a significant purpose of the acquisition is to obtain foreign intelligence information.”[55] They do not need to specify which facilities or property that the targeting will be directed at.[55]

After getting a FISC order or determining that there are emergency circumstances, the A.G. and DNI can direct an electronic communication service provider to give them access to information or facilities to carry out the targeting and keep the targeting secret.[55] The provider then has the option to: (1) comply with the directive; (2) reject it; or (3) challenge it to FISC.

If the provider complies with the directive, it is released from liability to its users for providing the information and reimbursed for the cost of providing it.[55]

If the provider rejects the directive, the A.G. may request an order from FISC to enforce it.[55] A provider that fails to comply with FISC’s order can be punished with contempt of court.[55]

Finally, a provider can petition FISC to reject the directive.[55] In case FISC denies the petition and orders the provider to comply with the directive, the provider risks contempt of court if it refuses to comply with FISC’s order.[55] The provider can appeal FISC’s denial to the Foreign Intelligence Surveillance Court of Review and then appeal the Court of Review’s decision to the Supreme Court by a writ of certiorari for review under seal.[55]

The Senate Select Committee on Intelligence and the FISA Courts had been put in place to oversee intelligence operations in the period after the death of J. Edgar Hoover. Beverly Gage of Slate said, “When they were created, these new mechanisms were supposed to stop the kinds of abuses that men like Hoover had engineered. Instead, it now looks as if they have come to function as rubber stamps for the expansive ambitions of the intelligence community. J. Edgar Hoover no longer rules Washington, but it turns out we didn’t need him anyway.”[56]

Involvement of other countries

Australia

The Australian government has said it will investigate the impact of the PRISM program and the use of the Pine Gap surveillance facility on the privacy of Australian citizens.[57]

Canada

Canada’s national cryptologic agency, the Communications Security Establishment, said that commenting on PRISM “would undermine CSE’s ability to carry out its mandate”. Privacy Commissioner Jennifer Stoddart lamented Canada’s standards when it comes to protecting personal online privacy stating “We have fallen too far behind,” Stoddart wrote in her report. “While other nations’ data protection authorities have the legal power to make binding orders, levy hefty fines and take meaningful action in the event of serious data breaches, we are restricted to a ‘soft’ approach: persuasion, encouragement and, at the most, the potential to publish the names of transgressors in the public interest.” And, “when push comes to shove,” Stoddart wrote, “short of a costly and time-consuming court battle, we have no power to enforce our recommendations.”[58]

Germany

Germany did not receive any raw PRISM data, according to a Reuters report.[59]

Israel

Israeli newspaper Calcalist discussed[60] the Business Insider article[61] about the possible involvement of technologies from two secretive Israeli companies in the PRISM program – Verint Systems and Narus.

New Zealand

In New Zealand, University of Otago information science Associate Professor Hank Wolfe said that “under what was unofficially known as the Five Eyes Alliance, New Zealand and other governments, including the United States, Australia, Canada, and Britain, dealt with internal spying by saying they didn’t do it. But they have all the partners doing it for them and then they share all the information.”[62]

United Kingdom

In the United Kingdom, Government Communications Headquarters (GCHQ) has had access to the PRISM program on or before June 2010 and wrote 197 reports with it in 2012 alone. PRISM may have allowed GCHQ to circumvent the formal legal process required to seek personal material.[63][64]

Domestic response

The neutrality of this section is disputed. Please do not remove this message until the dispute is resolved. (June 2013)

The New York Times editorial board charged that the Obama administration “has now lost all credibility on this issue,”[65] and lamented that “for years, members of Congress ignored evidence that domestic intelligence-gathering had grown beyond their control, and, even now, few seem disturbed to learn that every detail about the public’s calling and texting habits now reside in a N.S.A. database.”[66]

Republican and former member of Congress Ron Paul said, “We should be thankful for individuals like Edward Snowden and Glenn Greenwald who see injustice being carried out by their own government and speak out, despite the risk…. They have done a great service to the American people by exposing the truth about what our government is doing in secret.”[67] Paul denounced the government’s secret surveillance program: “The government does not need to know more about what we are doing…. We need to know more about what the government is doing.”[67] He called Congress “derelict in giving that much power to the government,” and said that had he been elected president, he would have ordered searches only when there was probable cause of a crime having been committed, which he said was not how the PRISM program was being operated.[68]

In response to Obama administration arguments that it could stop terrorism in the cases of Najibullah Zazi and David Headley, Ed Pilkington and Nicholas Watt of The Guardian said in regards to the role of PRISM and Boundless Informant interviews with parties involved in the Zazi scheme and court documents lodged in the United States and the United Kingdom indicated that “conventional” surveillance methods such as “old-fashioned tip-offs” of the British intelligence services initiated the investigation into the Zazi case.[69] An anonymous former CIA agent said that in regards to the Headley case, “That’s nonsense. It played no role at all in the Headley case. That’s not the way it happened at all.”[69] Pilkington and Watt concluded that the data-mining programs “played a relatively minor role in the interception of the two plots.”[69] Michael Daly of The Daily Beast stated that even though Tamerlan Tsarnaev had visited Inspire and even though Russian intelligence officials alerted U.S. intelligence officials about Tsarnaev, PRISM did not prevent him from carrying out the Boston bombings, and that the initial evidence implicating him came from his brother Dzhokhar Tsarnaev and not from federal intelligence. In addition Daly pointed to the fact that Faisal Shahzad visited Inspire but that federal authorities did not stop his attempted terrorist plot. Daly concluded “The problem is not just what the National Security Agency is gathering at the risk of our privacy but what it is apparently unable to monitor at the risk of our safety.”[70] In addition, political commentator Bill O’Reilly criticized the government, saying that PRISM did not stop the Boston bombings.[71]

In a blog post, David Simon, the creator of The Wire, compared the NSA’s programs, including PRISM, to a 1980s effort by the City of Baltimore to add dialed number recorders to all pay phones to know which individuals were being called by the callers;[72] the city believed that drug traffickers were using pay phones and pagers, and a municipal judge allowed the city to place the recorders. The placement of the dialers formed the basis of the show’s first season. Simon argued that the media attention regarding the NSA programs is a “faux scandal.”[72][73] George Takei, an actor who had experienced Japanese American internment, said that due to his memories of the internment, he felt concern towards the NSA surveillance programs that had been revealed.[74]

The Electronic Frontier Foundation (EFF), an international non-profit digital-rights group based in the U.S., is hosting a tool, by which an American resident can write to their government representatives regarding their opposition to mass spying.[75]

On June 11, 2013, the American Civil Liberties Union filed a lawsuit against the NSA citing that PRISM “violates Americans’ constitutional rights of free speech, association, and privacy”.[76]

International response

Reactions of Internet users in China were mixed between viewing a loss of freedom worldwide and seeing state surveillance coming out of secrecy. The story broke just before US President Barack Obama and Chinese President Xi Jinping met in California.[77][78] When asked about NSA hacking China, the spokeswoman of Ministry of Foreign Affairs of the People’s Republic of China said “China strongly advocates cybersecurity”.[79] The party-owned newspaper Liberation Daily described this surveillance like Nineteen Eighty-Four-style.[80] Hong Kong legislators Gary Fan and Claudia Mo wrote a letter to Obama, stating “the revelations of blanket surveillance of global communications by the world’s leading democracy have damaged the image of the U.S. among freedom-loving peoples around the world.”[81]

Sophie in ‘t Veld, a Dutch Member of the European Parliament, called PRISM “a violation of EU laws”.[82]

Protests at Checkpoint Charlie in Berlin

The German Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar, condemned the program as “monstrous”.[83] He further added that White House claims do “not reassure me at all” and that “given the large number of German users of Google, Facebook, Apple or Microsoft services, I expect the German government […] is committed to clarification and limitation of surveillance.” Steffen Seibert, press secretary of the Chancellor’s office, announced that Angela Merkel will put these issues on the agenda of the talks with Barack Obama during his pending visit in Berlin.[84]

The Italian president of the Guarantor for the protection of personal data, Antonello Soro, said that the surveillance dragnet “would not be legal in Italy” and would be “contrary to the principles of our legislation and would represent a very serious violation”.[85]

William Hague, the foreign secretary of the United Kingdom, dismissed accusations that British security agencies had been circumventing British law by using information gathered on British citizens by Prism[86] saying, “Any data obtained by us from the United States involving UK nationals is subject to proper UK statutory controls and safeguards.”[86] David Cameron said Britain’s spy agencies that received data collected from PRISM acted within the law: “I’m satisfied that we have intelligence agencies that do a fantastically important job for this country to keep us safe, and they operate within the law.”[86][87] Malcolm Rifkind, the chairman of parliament’s Intelligence and Security Committee, said that if the British intelligence agencies were seeking to know the content of emails about people living in the UK, then they actually have to get lawful authority.[87] The UK’s Information Commissioner’s Office was more cautious, saying it would investigate PRISM alongside other European data agencies: “There are real issues about the extent to which U.S. law agencies can access personal data of UK and other European citizens. Aspects of U.S. law under which companies can be compelled to provide information to U.S. agencies potentially conflict with European data protection law, including the UK’s own Data Protection Act. The ICO has raised this with its European counterparts, and the issue is being considered by the European Commission, who are in discussions with the U.S. Government.”[82]

Ai Weiwei, a Chinese dissident, said “Even though we know governments do all kinds of things I was shocked by the information about the US surveillance operation, Prism. To me, it’s abusively using government powers to interfere in individuals’ privacy. This is an important moment for international society to reconsider and protect individual rights.”[88]

Kim Dotcom, a German-Finnish Internet entrepreneur who owned Megaupload, which was closed by the U.S. federal government, said “We should heed warnings from Snowden because the prospect of an Orwellian society outweighs whatever security benefits we derive from Prism or Five Eyes.”[89] The Hong Kong law firm representing Dotcom expressed a fear that the communication between Dotcom and the firm had been compromised by U.S. intelligence programs.[90]

Russia has offered to consider an asylum request from Edward Snowden.[91]

Taliban spokesperson Zabiullah Mujahid said “We knew about their past efforts to trace our system. We have used our technical resources to foil their efforts and have been able to stop them from succeeding so far.”[92][93]

Related government Internet surveillance programs

A parallel program, code-named BLARNEY, gathers up metadata as it streams past choke points along the backbone of the Internet. BLARNEY’s summary, set down in the slides alongside a cartoon insignia of a shamrock and a leprechaun hat, describes it as “an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks.”[94]

A related program, a big data visualization system based on cloud computing and free and open-source software (FOSS) technology known as “Boundless Informant”, was disclosed in documents leaked to The Guardian and reported on June 8, 2013. A leaked, top secret map allegedly produced by Boundless Informant revealed the extent of NSA surveillance in the U.S.[95]

ThinThread

ThinThread is the name of a project that the United States National Security Agency (NSA) pursued during the 1990s, according to a May 17, 2006 article in The Baltimore Sun.[1] The program involved wiretapping and sophisticated analysis of the resulting data, but according to the article, the program was discontinued three weeks before the September 11, 2001 attacks due to the changes in priorities and the consolidation of U.S. intelligence authority.[2] The “change in priority” consisted of the decision made by the director of NSA General Michael V. Hayden to go with a concept called Trailblazer, despite the fact that ThinThread was a working prototype that protected the privacy of U.S. citizens.

ThinThread was dismissed and replaced by the Trailblazer Project, which lacked the privacy protections.[3] A consortium led by Science Applications International Corporation was awarded a $280 million contract to develop Trailblazer in 2002.[4]

Trailblazer

Trailblazer was a United States National Security Agency (NSA) program intended to develop a capability to analyze data carried on communications networks like the Internet. It was intended to track entities using communication methods such as cell phones and e-mail.[1][2] It ran over budget, failed to accomplish critical goals, and was cancelled.

NSA whistleblowers J. Kirk Wiebe, William Binney, Ed Loomis, and House Permanent Select Committee on Intelligence staffer Diane Roark complained to the Department of Defense’s Inspector General (IG) about waste, fraud, and abuse in the program, and the fact that a successful operating prototype existed, but was ignored when the Trailblazer program was launched. The complaint was accepted by the IG and an investigation began that lasted until mid-2005 when the final results were issued. The results were largely hidden, as the report given to the public was heavily (90%) redacted, while the original report was heavily classified, thus restricting the ability of most people to see it.

The people who filed the IG complaint were later raided by armed Federal Bureau of Investigation (FBI) agents. While the Government threatened to prosecute all who signed the IG report, it ultimately chose to pursue an NSA Senior Executive — Thomas Andrews Drake — who helped with the report internally to NSA and who had spoken with a reporter about the project. Drake was later charged under the Espionage Act of 1917. His defenders claimed this was retaliation.[3][4] The charges against him were later dropped, and he agreed to plead guilty to having committed a misdemeanor under the Computer Fraud and Abuse Act, something that Jesselyn Radack of the Government Accountability Project (which helped represent him) called an “act of civil disobedience”.[5]

Background

Trailblazer was chosen over a similar program named ThinThread, a less costly project which had been designed with built-in privacy protections for United States citizens.[4][3] Trailblazer was later linked to the NSA electronic surveillance program and the NSA warrantless surveillance controversy.[3]

In 2002 a consortium led by Science Applications International Corporation was chosen by the NSA to produce a technology demonstration platform in a contract worth $280 million. Project participants included Boeing, Computer Sciences Corporation, and Booz Allen Hamilton. The project was overseen by NSA Deputy Director William B. Black, Jr., an NSA worker who had gone to SAIC, and then been re-hired back to NSA by NSA director Michael Hayden in 2000.[6][7][8] SAIC had also hired a former NSA director to its management; Bobby Inman.[9] SAIC also participated in the concept definition phase of Trailblazer.[10][11]

Redacted version of the DoD Inspector General audit, obtained through the Freedom of Information Act by the Project on Government Oversight and others. [12][5]

The NSA Inspector General issued a report on Trailblazer that “discussed improperly based contract cost increases, non-conformance in the management of the Statement of Work, and excessive labor rates for contractor personnel.” [13]

In 2004 the DoD IG report criticized the program (see the Whistleblowing section below). It said that the “NSA ‘disregarded solutions to urgent national security needs'” and “that TRAILBLAZER was poorly executed and overly expensive …” Several contractors for the project were worried about cooperating with DoD’s audit for fear of “management reprisal.”[5] The Director of NSA “nonconcurred” with several statements in the IG audit, and the report contains a discussion of those disagreements.[14]

In 2005, NSA director Michael Hayden told a Senate hearing that the Trailblazer program was several hundred million dollars over budget and years behind schedule.[15] In 2006 the program was shut down,[3] after having cost billions of US Dollars.[16] Several anonymous NSA sources told Hosenball of Newsweek later on that the project was a “wasteful failure”.[17]

The new project replacing Trailblazer is called Turbulence.[3]

Whistleblowing

According to a 2011 New Yorker article, in the early days of the project several NSA employees met with Diane S Roark, an NSA budget expert on the House Intelligence Committee. They aired their grievances about Trailblazer. In response, NSA director Michael Hayden sent out a memo saying that “individuals, in a session with our congressional overseers, took a position in direct opposition to one that we had corporately decided to follow … Actions contrary to our decisions will have a serious adverse effect on our efforts to transform N.S.A., and I cannot tolerate them.”[3]

In September 2002, several people filed a complaint with the Department of Defense IG’s office regarding problems with Trailblazer: they included Roark (aforementioned), ex-NSA senior analysts Bill Binney, Kirk Wiebe, and Senior Computer Systems Analyst Ed Loomis, who had quit the agency over concerns about its mismanagement of acquisition and allegedly illegal domestic spying.[3][18][19] A major source for the report was NSA senior officer Thomas Andrews Drake. Drake had been complaining to his superiors for some time about problems at the agency, and about the superiority of ThinThread over Trailblazer, for example, at protecting privacy.[19] Drake gave info to DoD during its investigation of the matter.[19] Roark also went to her boss at the House committee, Porter Goss, about problems, but was rebuffed.[20] She also attempted to contact William Renquist, the Supreme Court Chief Justice at the time.[19]

Drake’s own boss, Maureen Baginski, the third-highest officer at NSA, quit partly over concerns about the legality of its behavior.[3]

In 2003, the NSA IG (not the DoD IG)[19] had declared Trailblazer an expensive failure.[21] It had cost more than $1 billion.[8][22][23]

In 2005, the DoD IG produced a report on the result of its investigation of the complaint of Roark and the others in 2002. This report was not released to the public, but it has been described as very negative.[18] Mayer writes that it hastened the closure of Trailblazer, which was at the time in trouble from congress for being over budget.[3]

In November 2005, Drake contacted Siobhan Gorman, a reporter of The Baltimore Sun.[24][17][25] Gorman wrote several articles about problems at the NSA, including articles on Trailblazer. This series got her an award from the Society of Professional Journalists.[17]

In 2005, President George W. Bush ordered the FBI to find whoever had disclosed information about the NSA electronic surveillance program and its disclosure in the New York Times. Eventually, this investigation led to the people who had filed the 2002 DoD IG request, even though they had nothing to do with the New York Times disclosure. In 2007, the houses of Roark, Binney, and Wiebe were raided by armed FBI agents. According to Mayer, Binney claims the FBI pointed guns at his head and that of his wife. Wiebe said it reminded him of the Soviet Union.[3][18] None of these people were ever charged with any crime. Four months later, Drake was raided in November 2007 and his computers and documents were confiscated.

In 2010 Drake was indicted by the U.S. Department of Justice on charges of obstructing justice, providing false information, and violating the Espionage Act of 1917,[17][26][27] part of President Barack Obama’s crackdown on whistleblowers and “leakers”.[24][17][28][18] The government tried to get Roark to testify to a conspiracy, and made similar requests to Drake, offering him a plea bargain. They both refused.[3]

In June 2011, the ten original charges against Drake were dropped, instead he pleaded guilty to a misdemeanor.[5]

Boundless Informant

Boundless Informant is a big data analysis and data visualization system used by the United States National Security Agency (NSA) to give NSA managers summaries of NSA’s world wide data collection activities.[1] It is described in an unclassified, For Official Use Only Frequently Asked Questions (FAQ) memo published by The Guardian.[2] According to a Top Secret heat map display also published by The Guardian and allegedly produced by the Boundless Informant program, almost 3 billion data elements from inside the United States were captured by NSA over a 30-day period ending in March 2013.

Data analyzed by Boundless Informant includes electronic surveillance program records (DNI) and telephone call metadata records (DNR) stored in an NSA data archive called GM-PLACE. It does not include FISA data, according to the FAQ memo. PRISM, a government codename for a collection effort known officially as US-984XN, which was revealed at the same time as Boundless Informant, is one source of DNR data. According to the map, Boundless Informant summarizes data records from 504 separate DNR and DNI collection sources (SIGADs). In the map, countries that are under surveillance are assigned a color from green, representing least coverage to red, most intensive.[3][4]

History

Slide showing that much of the world’s communications flow through the US.

Intelligence gathered by the United States government inside the United States or specifically targeting US citizens is legally required to be gathered in compliance with the Foreign Intelligence Surveillance Act of 1978 (FISA) and under the authority of the Foreign Intelligence Surveillance Court (FISA court).[5][6][7]

NSA global data mining projects have existed for decades, but recent programs of intelligence gathering and analysis that include data gathered from inside the United States such as PRISM were enabled by changes to US surveillance law introduced under President Bush and renewed under President Obama in December 2012.[8]

Boundless Informant was first publicly revealed on June 8, 2013, after classified documents about the program were leaked to The Guardian.[1][9] The newspaper identified its informant, at his request, as Edward Snowden, who worked at the NSA for the defense contractor Booz Allen Hamilton.[10]

Technology

According to published slides, Boundless Informant leverages Free and Open Source Software—and is therefore “available to all NSA developers”—and corporate services hosted in the cloud. The tool uses HDFS, MapReduce, and Cloudbase for data processing.[11]

Legality and FISA Amendments Act of 2008

The FISA Amendments Act (FAA) Section 702 is referenced in PRISM documents detailing the electronic interception, capture and analysis of metadata. Many reports and letters of concern written by members of Congress suggest that this section of FAA in particular is legally and constitutionally problematic, such as by targeting U.S. persons, insofar as “Collections occur in U.S.” as published documents indicate.[12][13][14][15]

The ACLU has asserted the following regarding the FAA: “Regardless of abuses, the problem with the FAA is more fundamental: the statute itself is unconstitutional.”[16]

Senator Rand Paul is introducing new legislation called the Fourth Amendment Restoration Act of 2013 to stop the NSA or other agencies of the United States government from violating the Fourth Amendment to the U.S. Constitution using technology and big data information systems like PRISM and Boundless Informant.[17][18]

ECHELON

ECHELON is a name used in global media and in popular culture to describe a signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory states to the UKUSA Security Agreement[1] (Australia, Canada, New Zealand, the United Kingdom, and the United States, referred to by a number of abbreviations, including AUSCANNZUKUS[1] and Five Eyes).[2][3] It has also been described as the only software system which controls the download and dissemination of the intercept of commercial satellite trunk communications.[4]

ECHELON, according to information in the European Parliament document, “On the existence of a global system for the interception of private and commercial communications (ECHELON interception system)” was created to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War in the early 1960s.[5]

The system has been reported in a number of public sources.[6] Its capabilities and political implications were investigated by a committee of the European Parliament during 2000 and 2001 with a report published in 2001,[5] and by author James Bamford in his books on the National Security Agency of the United States.[4] The European Parliament stated in its report that the term ECHELON is used in a number of contexts, but that the evidence presented indicates that it was the name for a signals intelligence collection system. The report concludes that, on the basis of information presented, ECHELON was capable of interception and content inspection of telephone calls, fax, e-mail and other data traffic globally through the interception of communication bearers including satellite transmission, public switched telephone networks (which once carried most Internet traffic) and microwave links.[5]

Bamford describes the system as the software controlling the collection and distribution of civilian telecommunications traffic conveyed using communication satellites, with the collection being undertaken by ground stations located in the footprint of the downlink leg.

Organization

The UKUSA intelligence community was assessed by the European Parliament (EP) in 2000 to include the signals intelligence agencies of each of the member states:

the Government Communications Headquarters of the United Kingdom,

the National Security Agency of the United States,

the Communications Security Establishment of Canada,

the Defence Signals Directorate of Australia, and

the Government Communications Security Bureau of New Zealand.

the National SIGINT Organisation (NSO) of The Netherlands

The EP report concluded that it seemed likely that ECHELON is a method of sorting captured signal traffic, rather than a comprehensive analysis tool.[5]

Capabilities

The ability to intercept communications depends on the medium used, be it radio, satellite, microwave, cellular or fiber-optic.[5] During World War II and through the 1950s, high frequency (“short wave”) radio was widely used for military and diplomatic communication,[7] and could be intercepted at great distances.[5] The rise of geostationary communications satellites in the 1960s presented new possibilities for intercepting international communications. The report to the European Parliament of 2001 states: “If UKUSA states operate listening stations in the relevant regions of the earth, in principle they can intercept all telephone, fax and data traffic transmitted via such satellites.”[5]

The role of satellites in point-to-point voice and data communications has largely been supplanted by fiber optics; in 2006, 99% of the world’s long-distance voice and data traffic was carried over optical-fiber.[8] The proportion of international communications accounted for by satellite links is said to have decreased substantially over the past few years[when?] in Central Europe to an amount between 0.4% and 5%.[5] Even in less-developed parts of the world, communications satellites are used largely for point-to-multipoint applications, such as video.[9] Thus, the majority of communications can no longer be intercepted by earth stations; they can only be collected by tapping cables and intercepting line-of-sight microwave signals, which is possible only to a limited extent.[5]

One method of interception is to place equipment at locations where fiber optic communications are switched. For the Internet, much of the switching occurs at relatively few sites. There have been reports of one such intercept site, Room 641A, in the United States. In the past[when?] much Internet traffic was routed through the U.S. and the UK, but this has changed; for example, in 2000, 95% of intra-German Internet communications was routed via the DE-CIX Internet exchange point in Frankfurt.[5] A comprehensive worldwide surveillance network is possible only if clandestine intercept sites are installed in the territory of friendly nations, and/or if local authorities cooperate. The report to the European Parliament points out that interception of private communications by foreign intelligence services is not necessarily limited to the U.S. or British foreign intelligence services.[5]

Most reports on ECHELON focus on satellite interception; testimony before the European Parliament indicated that separate but similar UK-US systems are in place to monitor communication through undersea cables, microwave transmissions and other lines.[10]

Controversy

See also: Industrial espionage

Intelligence monitoring of citizens, and their communications, in the area covered by the AUSCANNZUKUS security agreement has caused concern. British journalist Duncan Campbell and New Zealand journalist Nicky Hager asserted in the 1990s that the United States was exploiting ECHELON traffic for industrial espionage, rather than military and diplomatic purposes.[10] Examples alleged by the journalists include the gear-less wind turbine technology designed by the German firm Enercon[5][11] and the speech technology developed by the Belgian firm Lernout & Hauspie.[12] An article in the US newspaper Baltimore Sun reported in 1995 that European aerospace company Airbus lost a $6 billion contract with Saudi Arabia in 1994 after the US National Security Agency reported that Airbus officials had been bribing Saudi officials to secure the contract.[13][14]

In 2001, the Temporary Committee on the ECHELON Interception System recommended to the European Parliament that citizens of member states routinely use cryptography in their communications to protect their privacy, because economic espionage with ECHELON has been conducted by the US intelligence agencies.[5]

Bamford provides an alternative view, highlighting that legislation prohibits the use of intercepted communications for commercial purposes, although he does not elaborate on how intercepted communications are used as part of an all-source intelligence process.

Hardware

According to its website, the U.S. National Security Agency (NSA) is “a high technology organization … on the frontiers of communications and data processing”. In 1999 the Australian Senate Joint Standing Committee on Treaties was told by Professor Desmond Ball that the Pine Gap facility was used as a ground station for a satellite-based interception network. The satellites were said to be large radio dishes between 20 and 100 meters in diameter in geostationary orbits.[citation needed] The original purpose of the network was to monitor the telemetry from 1970s Soviet weapons, air defence radar, communications satellites and ground based microwave communications.[15]

Name

The European Parliament’s Temporary Committee on the ECHELON Interception System stated: “It seems likely, in view of the evidence and the consistent pattern of statements from a very wide range of individuals and organisations, including American sources, that its name is in fact ECHELON, although this is a relatively minor detail.”[5] The U.S. intelligence community uses many code names (see, for example, CIA cryptonym).

Former NSA employee Margaret Newsham claims that she worked on the configuration and installation of software that makes up the ECHELON system while employed at Lockheed Martin, for whom she worked from 1974 to 1984 in Sunnyvale, California, US, and in Menwith Hill, England, UK.[16] At that time, according to Newsham, the code name ECHELON was NSA’s term for the computer network itself. Lockheed called it P415. The software programs were called SILKWORTH and SIRE. A satellite named VORTEX intercepted communications. An image available on the internet of a fragment apparently torn from a job description shows Echelon listed along with several other code names.[17]

Ground stations

The 2001 European Parliamentary (EP) report[5] lists several ground stations as possibly belonging to, or participating in, the ECHELON network. These include:

Likely satellite intercept stations

The following stations are listed in the EP report (p. 54 ff) as likely to have, or to have had, a role in intercepting transmissions from telecommunications satellites:

Hong Kong (since closed)

Australian Defence Satellite Communications Station (Geraldton, Western Australia)

Room 641A

Room 641A is a telecommunication interception facility operated by AT&T for the U.S. National Security Agency that commenced operations in 2003 and was exposed in 2006.[1][2]

Description

Room 641A is located in the SBC Communications building at 611 Folsom Street, San Francisco, three floors of which were occupied by AT&T before SBC purchased AT&T.[1] The room was referred to in internal AT&T documents as the SG3 [Study Group 3] Secure Room. It is fed by fiber optic lines from beam splitters installed in fiber optic trunks carrying Internet backbone traffic[3] and, as analyzed by J. Scott Marcus, a former CTO for GTE and a former adviser to the FCC, who has access to all Internet traffic that passes through the building, and therefore “the capability to enable surveillance and analysis of internet content on a massive scale, including both overseas and purely domestic traffic.”[4] Former director of the NSA’s World Geopolitical and Military Analysis Reporting Group, William Binney, has estimated that 10 to 20 such facilities have been installed throughout the United States.[2]

The room measures about 24 by 48 feet (7.3 by 15 m) and contains several racks of equipment, including a Narus STA 6400, a device designed to intercept and analyze Internet communications at very high speeds.[1]

The very existence of the room was revealed by a former AT&T technician, Mark Klein, and was the subject of a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T.[5] Klein claims he was told that similar black rooms are operated at other facilities around the country.

Room 641A and the controversies surrounding it were subjects of an episode of Frontline, the current affairs documentary program on PBS. It was originally broadcast on May 15, 2007. It was also featured on PBS’s NOW on March 14, 2008. The room was also covered in the PBS Nova episode “The Spy Factory”.

Lawsuit

Basic diagram of how the alleged wiretapping was accomplished. From EFF court filings[4]

The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T on January 31, 2006, accusing the telecommunication company of violating the law and the privacy of its customers by collaborating with the National Security Agency (NSA) in a massive, illegal program to wiretap and data-mine Americans’ communications. On July 20, 2006, a federal judge denied the government’s and AT&T’s motions to dismiss the case, chiefly on the ground of the States Secrets Privilege, allowing the lawsuit to go forward. On August 15, 2007, the case was heard by the Ninth Circuit Court of Appeals and was dismissed on December 29, 2011 based on a retroactive grant of immunity by Congress for telecommunications companies that cooperated with the government. The U.S. Supreme Court declined to hear the case.[6] A different case by the EFF was filed on September 18, 2008, titled Jewel v. NSA.

PRISM: A clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) which can target customers of participating corporations outside or inside the United States

Main Core: A personal and financial database storing information of millions of U.S. citizens believed to be threats to national security.[7] The data mostly comes from the NSA, FBI, CIA, as well as other government sources.[7]